Sean Lange (5/1/2014)
The first and the biggest issue is this is wide open to sql injection.
In most cases, I'd strongly agree with you but... with two DATE, one INT, and one CHAR(1) parameters, I'd have to say that SQL Injection is impossible for the given code.
As to whether or not dynamic SQL is required for the original query or not goes, I'd have to agree with you and the others... NOT. 🙂
--Jeff Moden
Change is inevitable... Change for the better is not.